[SECURITY] XSS possibility in RemoveXSS
author Andreas Wolf <andreas.wolf@ikt-werk.de>
Wed, 28 Mar 2012 11:54:19 +0000 (13:54 +0200)
committer Oliver Hader <oliver@typo3.org>
Wed, 28 Mar 2012 11:54:21 +0000 (13:54 +0200)
commit 0b925b6c4d53f8653f9d97bb64f5870c57ef45e5
tree 1b682ca89a4a4941b4ea47f88ef0c7c82bee077a
parent e8ceb3622b5d441f51aed48be471c6a63c78e3d9
[SECURITY] XSS possibility in RemoveXSS

RemoveXSS fails to properly remove non-printable characters, especially
zero-byte (\x00) chars.

Change-Id: If1caf9bda7338bd47203b55e27c5a99bbdfed3b0
Fixes: #30188
Security-Commit: 1ff7a55aefd3d4c1690e3f35760ea5ef30dab9b2
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/10006
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
tests/contrib/removexssTest.php
typo3/contrib/RemoveXSS/RemoveXSS.php